Lucene search
PRIOn knowledge basePRION:CVE-2020-35476HistoryDec 16, 2020 - 8:15 a.m.
Remote code execution
2020-12-1608:15:00
PRIOn knowledge base
www.prio-n.com
6
A remote code execution vulnerability occurs in OpenTSDB through 2.4.0 via command injection in the yrange parameter. The yrange value is written to a gnuplot file in the /tmp directory. This file is then executed via the mygnuplot.sh shell script. (tsd/GraphHandler.java attempted to prevent command injections by blocking backticks but this is insufficient.)
Related
packetstorm
packetstorm
OpenTSDB 2.4.0 Command Injection
2022-12-23 00:00:00
osv
osv
OS Command Injection in OpenTSDB
2021-08-02 17:02:21
CVE-2020-35476
2020-12-16 08:15:13
CVE-2023-25826
2023-05-03 19:15:08
cvelist
cvelist
CVE-2020-35476
2020-12-16 00:00:00
CVE-2023-25826 Remote Code Execution in OpenTSDB
2023-05-03 18:33:59
nvd
nvd
CVE-2020-35476
2020-12-16 08:15:13
CVE-2023-25826
2023-05-03 19:15:08
checkpoint_advisories
checkpoint_advisories
StumbleUpon OpenTSDB Remote Code Execution (CVE-2020-35476)
2021-02-10 00:00:00
nuclei
nuclei
OpenTSDB <=2.4.0 - Remote Code Execution
2021-01-31 17:35:32
zdt
zdt
OpenTSDB 2.4.0 Command Injection Exploit
2022-12-24 00:00:00
cve
cve
CVE-2020-35476
2020-12-16 08:15:13
CVE-2023-25826
2023-05-03 19:15:08
metasploit
metasploit
OpenTSDB 2.4.0 unauthenticated command injection
2022-11-24 19:37:24
github
github
OS Command Injection in OpenTSDB
2021-08-02 17:02:21
Command injection in OpenTSDB
2023-05-03 21:30:18
rapid7blog
rapid7blog
Metasploit Weekly Wrap-Up
2023-01-06 21:32:44
prion
prion
Input validation
2023-05-03 19:15:00